lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZwQqyYNVLR2OU8jh@hu-mojha-hyd.qualcomm.com>
Date: Tue, 8 Oct 2024 00:09:05 +0530
From: Mukesh Ojha <quic_mojha@...cinc.com>
To: Dmitry Baryshkov <dmitry.baryshkov@...aro.org>
CC: Bjorn Andersson <andersson@...nel.org>,
        Mathieu Poirier
	<mathieu.poirier@...aro.org>,
        Rob Herring <robh@...nel.org>,
        Krzysztof
 Kozlowski <krzk+dt@...nel.org>,
        Conor Dooley <conor+dt@...nel.org>,
        Konrad
 Dybcio <konradybcio@...nel.org>,
        Bartosz Golaszewski
	<bartosz.golaszewski@...aro.org>,
        Manivannan Sadhasivam
	<manivannan.sadhasivam@...aro.org>,
        <linux-arm-msm@...r.kernel.org>, <linux-remoteproc@...r.kernel.org>,
        <devicetree@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 0/6] Peripheral Image Loader support for Qualcomm SoCs

On Sun, Oct 06, 2024 at 10:34:19PM +0300, Dmitry Baryshkov wrote:
> On Sat, Oct 05, 2024 at 02:53:53AM GMT, Mukesh Ojha wrote:
> > Qualcomm is looking to enable remote processors on the SA8775p SoC
> > running KVM Linux host and is currently trying to figure out an
> > upstream-compatible solution for the IOMMU translation scheme problem it
> > is facing when SoCs running with KVM. This issue arises due to
> > differences in how IOMMU translation is currently handled on SoCs
> > running Qualcomm EL2 hypervisor(QHEE) where IOMMU translation for any
> > device is completely owned by it and the other issue is that remote
> > processors firmware does not contain resource table where these IOMMU
> > configuration setting will be present.
> > 
> > Qualcomm SoCs running with the QHEE(EL2) have been utilizing the
> > Peripheral Authentication Service (PAS) from its TrustZone (TZ) firmware
> > to securely authenticate and reset via a single SMC call
> > _auth_and_reset_.  This call first gets trapped to QHEE, which then
> > makes a call to TZ for authentication. Once it is done, the call returns
> > to QHEE, which sets up the IOMMU translation scheme for these remote
> > processors and later brings them out of reset. The design of the
> > Qualcomm EL2 hypervisor dictates that the Linux host OS running at EL1
> > is not allowed to set up IOMMU translation for remote processors,
> > and only a single stage is being configured for them.
> > 
> > To make the remote processors’ bring-up (PAS) sequence
> > hypervisor-independent, the auth_and_reset SMC call is now entirely
> > handled by TZ. However, the problem of IOMMU handling still remains with
> > the KVM host, which has no knowledge of the remote processors’ IOMMU
> > configuration.
> > 
> > We have looked up one approach where SoC remoteproc device tree could
> > contain resources like iommus for remoteproc carveout and qcom,devmem
> > specific binding for device memory needed for remoteproc and these
> > properties are optional and will only be overlaid by the firmware if it
> > is running with non-QHEE based hypervisor like KVM.
> 
> Can you follow the approach that has been implemented for existing
> systems (ChromeOS) not using QHEE? See drivers/remoteproc/qcom_q6v5_adsp.c
> If this approach can not be used, please describe why.
>

I believe, drivers/remoteproc/qcom_q6v5_adsp.c does not follow TZ's PAS
method (Secure) of handling remoteproc that may be the reason it has
been kept separately from drivers/remoteproc/qcom_q6v5_pas.c . If we
keep this implementation align with current PAS driver we would acheive
more code reusability with less code change.

However, I am not against, if we want to keep this as separate driver
with qcom_q6v5_pas_common.c shared between the current pas driver
with QHEE vs this implementation with non-QHEE.

-Mukesh

> > 
> > - Patch 1/6 adds the iommus and qcom,devmem binding for PAS common yaml.
> > - Patch 2/6 and 3/6 add helper function to IOMMU map and unmap carveout
> >   and device memory region.
> > - Patch 4/6 adds a function to parse individual field of qcom,devmem property.
> > - Patch 5/6 add helpers to create/destroy SHM bridge for remoteproc
> >   carveout and to get memory from tzmem SHM bridge pool for remoteproc
> >   firmware metadata.
> > - Patch 6/6 enable all the required support to enable remoteproc for
> >   non-QHEE hypervisor based systems like KVM host via parsing the iommus
> >   properties and mapping/unmapping carveout and device memory based on
> >   it.
> > 
> > Komal Bajaj (1):
> >   remoteproc: qcom: Add iommu map_unmap helper function
> > 
> > Mukesh Ojha (2):
> >   remoteproc: qcom: Add support of SHM bridge to enable memory
> >     protection
> >   remoteproc: qcom: Enable map/unmap and SHM bridge support
> > 
> > Shiraz Hashim (3):
> >   dt-bindings: remoteproc: qcom,pas-common: Introduce iommus and
> >     qcom,devmem property
> >   remoteproc: qcom: Add helper function to support IOMMU devmem
> >     translation
> >   remoteproc: qcom: Add support to parse qcom,devmem property
> > 
> >  .../bindings/remoteproc/qcom,pas-common.yaml  |  42 +++++
> >  .../bindings/remoteproc/qcom,sa8775p-pas.yaml |  20 +++
> >  drivers/firmware/qcom/qcom_scm.c              |  29 +++-
> >  drivers/firmware/qcom/qcom_tzmem.c            |  14 +-
> >  drivers/remoteproc/qcom_common.c              | 148 ++++++++++++++++++
> >  drivers/remoteproc/qcom_common.h              |  38 +++++
> >  drivers/remoteproc/qcom_q6v5_pas.c            | 140 ++++++++++++++++-
> >  include/linux/firmware/qcom/qcom_scm.h        |   1 +
> >  include/linux/firmware/qcom/qcom_tzmem.h      |  10 ++
> >  9 files changed, 423 insertions(+), 19 deletions(-)
> > 
> > -- 
> > 2.34.1
> > 
> 
> -- 
> With best wishes
> Dmitry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ